Overview & Data Controller
PredictX Ltd. (“PredictX”, “we”, “our”, “us”), registered in England and Wales (Company No. 14872033), is the data controller responsible for your personal information. We are committed to protecting your privacy and handling your data in an open and transparent manner.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and what rights you have over it. It applies to all users of the PredictX Platform, website, mobile applications, and any related services (collectively, the “Services”).
Information We Collect
Information You Provide Directly
- Account data: username, email address, date of birth, nationality, and password (stored as a salted hash).
- Identity verification (KYC): government-issued photo ID, proof of address, selfie/liveness check, source of funds documentation.
- Payment information: bank account details, cryptocurrency wallet addresses (we do not store full card numbers — card payments are processed by PCI-DSS compliant third-party processors).
- Communications: messages you send to our support team, survey responses, and feedback submissions.
Information Collected Automatically
- Usage data: pages visited, features used, markets viewed, bets placed, session timestamps, and click patterns.
- Device data: IP address, browser type and version, operating system, device identifiers, and time zone.
- Cookies and tracking: session cookies, persistent preference cookies, and analytics identifiers (see Cookie Policy below).
- Transaction data: full history of deposits, withdrawals, bets, payouts, and balance changes.
Information From Third Parties
- Identity verification providers (e.g., Onfido, Jumio) who process KYC documents on our behalf.
- Blockchain analytics providers for AML screening of cryptocurrency transactions.
- Fraud prevention services that share risk signals about known bad actors.
Legal Basis for Processing
Under UK GDPR and the Data Protection Act 2018, we process your personal data on the following legal bases:
- Performance of a contract: Processing necessary to provide the Services, including managing your account, processing bets, and handling payments.
- Legal obligation: Processing required to comply with anti-money laundering (AML), Know Your Customer (KYC), and other regulatory obligations imposed by our gaming licence.
- Legitimate interests: Fraud prevention, platform security, improving our Services, and communicating relevant product updates — where these interests are not overridden by your rights.
- Consent: For optional marketing communications and the use of non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
How We Use Your Information
We use the personal data we collect for the following purposes:
- Creating and managing your account, verifying your identity, and processing transactions.
- Providing, maintaining, and improving the Platform and its features.
- Detecting and preventing fraud, money laundering, and other prohibited activities.
- Complying with our legal and regulatory obligations, including reporting to gaming authorities.
- Personalising your experience and showing you relevant markets and promotions.
- Communicating with you about your account, transactions, and service updates.
- Sending marketing communications (only if you have opted in and subject to your preferences).
- Monitoring for problem gambling indicators and fulfilling responsible gambling obligations.
- Conducting analytics and research to understand usage patterns and improve our Services.
- Resolving disputes and enforcing our Terms of Service.
Data Sharing & Disclosure
We do not sell your personal data to third parties. We may share your information with:
Service Providers
Carefully vetted third-party providers acting as data processors on our behalf, including: payment processors (Stripe, Checkout.com), KYC/AML service providers (Onfido, Elliptic), cloud infrastructure (AWS, Cloudflare), email delivery (SendGrid), customer support tooling, and analytics platforms. All processors are bound by data processing agreements requiring them to protect your data.
Regulatory & Legal Authorities
We may disclose personal data to gaming regulators, law enforcement agencies, financial intelligence units, or courts when required by law, court order, or regulatory direction, or when we believe disclosure is necessary to protect the rights, property, or safety of PredictX, our users, or the public.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of such transfers and any changes to data handling.
International Data Transfers
Your personal data is primarily stored on servers located within the United Kingdom and the European Economic Area (EEA). Some of our service providers operate outside these regions, which may involve transferring your data internationally.
Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the ICO or European Commission.
- Adequacy decisions recognising equivalent data protection standards.
- Binding Corporate Rules where applicable within our service provider groups.
You may request details of the transfer mechanisms in place for specific processors by contacting our DPO at dpo@predictx.io.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements:
- Account data: Retained for the duration of your account, plus 7 years after closure (AML legal requirement).
- KYC documents: Retained for 5 years after the business relationship ends, as required by the UK Money Laundering Regulations.
- Transaction records: Retained for 7 years for tax and regulatory purposes.
- Marketing preferences: Until you withdraw consent or request deletion.
- Support communications: Retained for 3 years from last contact.
- Server logs and usage data: Retained for 12 months on a rolling basis.
When data is no longer required, it is securely deleted or anonymised in accordance with our data destruction policy.
Your Privacy Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you (Subject Access Request).
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your data (“right to be forgotten”), subject to overriding legal obligations (e.g., AML retention requirements).
- Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or direct marketing.
- Rights related to automated decision-making: The right not to be subject, without human review, to solely automated decisions that significantly affect you.
To exercise any of these rights, submit a request to dpo@predictx.io. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk if you believe we have not handled your data lawfully.
Security Measures
We implement and maintain industry-standard technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- TLS 1.3 encryption for all data in transit.
- AES-256 encryption for sensitive data at rest.
- Multi-factor authentication (MFA) for account access and internal systems.
- Regular third-party penetration testing and security audits.
- Role-based access controls limiting employee access to personal data on a need-to-know basis.
- Automated anomaly detection and intrusion prevention systems.
- Bug bounty programme for responsible disclosure of security vulnerabilities.
In the unlikely event of a personal data breach, we will notify affected users and the ICO in accordance with our legal obligations (within 72 hours of becoming aware where required by law).
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page.
- Send registered users an email notification at least 14 days before changes take effect.
- Display a prominent notice on the Platform.
We encourage you to review this Policy periodically. Your continued use of the Services after the effective date of any changes constitutes your acknowledgment of the updated Policy. If you object to any changes, you may close your account by contacting support@predictx.io.